SQOUT: A Risk-Based Threat Analysis Framework for Quantum Communication Systems
Michal Krelina, Tom Sorger, Bob Dirks
TL;DR
The paper tackles the urgent need for cybersecurity risk management in quantum communication systems by introducing SQOUT, a MITRE ATT&CK–inspired threat-intelligence platform tailored to quantum protocols and hardware. It combines end-to-end kill-chain modelling with ISO/IEC 27005–aligned risk assessment to produce actionable likelihood and impact scores for quantum attacks, demonstrated on a Photon-Number-Splitting (PNS) scenario. Key contributions include a structured attack taxonomy for quantum threats, a kill-chain-based risk framework, and an interactive platform that supports threat modelling and risk governance. The work enables practical, repeatable risk assessment for real-world quantum deployments and outlines paths to extend the approach to broader quantum technologies and threat intelligence integration.
Abstract
This paper addresses the urgent need for a cybersecurity framework tailored to quantum communication systems as the world transitions to quantum-safe infrastructures. While quantum communication promises unbreakable security, real-world deployments are vulnerable to physical, protocol, and operational risks. Our work presents a structured framework for analysing these threats, combining a TTP-style (Tactic, Technique, Procedure) approach with a specific risk assessment methodology. We introduce SQOUT, a quantum threat intelligence platform, and illustrate its application using a Photon-Number-Splitting (PNS) attack kill chain. Furthermore, we apply established international standards and best practices for information security risk management to assess quantum-specific risk scenarios, providing practical guidance for safeguarding emerging quantum infrastructures.
